Common Weakness Enumeration

CWE-824

Allowed

Access of Uninitialized Pointer

Abstraction: Base · Status: Incomplete

The product accesses or uses a pointer that has not been initialized.

451 vulnerabilities reference this CWE, most recent first.

GHSA-W77W-253G-C7QP

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00
VLAI
Details

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.262), Parasolid V33.1 (All versions \u003e= V33.1.262 \u003c V33.1.263), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.161), Parasolid V35.0 (All versions \u003e= V35.0.161 \u003c V35.0.164), Simcenter Femap V2022.1 (All versions \u003c V2022.1.3), Simcenter Femap V2022.2 (All versions \u003c V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)",
  "id": "GHSA-w77w-253g-c7qp",
  "modified": "2022-09-14T00:00:50Z",
  "published": "2022-09-14T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39147"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W8VG-H5MJ-7G47

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-05-05 18:31
VLAI
Details

Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-w8vg-h5mj-7g47",
  "modified": "2025-05-05T18:31:35Z",
  "published": "2022-02-11T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21156"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCPP-3X59-H8VP

Vulnerability from github – Published: 2026-03-12 21:34 – Updated: 2026-07-14 15:31
VLAI
Details

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-12T19:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.",
  "id": "GHSA-wcpp-3x59-h8vp",
  "modified": "2026-07-14T15:31:40Z",
  "published": "2026-03-12T21:34:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3497"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:10065"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21690"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21695"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25096"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:5475"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6461"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6462"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6463"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7107"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9415"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9732"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3497"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/security/CVE-2026-3497"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:10714"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:12071"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13750"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13812"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14773"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14924"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15087"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15891"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15893"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16008"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16009"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16030"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:16174"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17596"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19724"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19725"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20040"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20087"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/14/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/14/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/18/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/18/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/18/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/18/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WFX2-P684-Q6V4

Vulnerability from github – Published: 2023-11-16 15:30 – Updated: 2023-11-16 15:30
VLAI
Details

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-16T15:15:11Z",
    "severity": "LOW"
  },
  "details": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-wfx2-p684-q6v4",
  "modified": "2023-11-16T15:30:20Z",
  "published": "2023-11-16T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47044"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WH9F-45PX-J437

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2023-03-15 00:30
VLAI
Details

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-15T21:15:00Z",
    "severity": "LOW"
  },
  "details": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
  "id": "GHSA-wh9f-45px-j437",
  "modified": "2023-03-15T00:30:46Z",
  "published": "2022-05-24T19:05:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3594"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970491"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-44"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210805-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHJF-X8MC-6GR3

Vulnerability from github – Published: 2023-03-07 18:30 – Updated: 2023-03-14 21:30
VLAI
Details

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-07T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.",
  "id": "GHSA-whjf-x8mc-6gr3",
  "modified": "2023-03-14T21:30:21Z",
  "published": "2023-03-07T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45861"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-477"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPJG-4663-XP87

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-15T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516",
  "id": "GHSA-wpjg-4663-xp87",
  "modified": "2022-05-24T17:36:26Z",
  "published": "2022-05-24T17:36:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0488"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRHP-5VCR-45PG

Vulnerability from github – Published: 2022-05-02 03:27 – Updated: 2022-05-02 03:27
VLAI
Details

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-31T19:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.",
  "id": "GHSA-wrhp-5vcr-45pg",
  "modified": "2022-05-02T03:27:53Z",
  "published": "2022-05-02T03:27:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1721"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36030"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36032"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36096"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36123"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36753"
    },
    {
      "type": "WEB",
      "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz"
    },
    {
      "type": "WEB",
      "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3757"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1842"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35838"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022674"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-831-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2035"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WV2P-H6G5-VP98

Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30
VLAI
Details

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T23:15:23Z",
    "severity": "HIGH"
  },
  "details": "InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-wv2p-h6g5-vp98",
  "modified": "2025-07-09T00:30:33Z",
  "published": "2025-07-09T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47098"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/incopy/apsb25-59.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WV34-XCJ8-F3MQ

Vulnerability from github – Published: 2025-02-25 18:31 – Updated: 2026-04-06 15:31
VLAI
Details

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-25T16:15:39Z",
    "severity": "HIGH"
  },
  "details": "An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.",
  "id": "GHSA-wv34-xcj8-f3mq",
  "modified": "2026-04-06T15:31:19Z",
  "published": "2025-02-25T18:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26599"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345253"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-26599"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7458"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7165"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7163"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:3976"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2880"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2879"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2875"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2874"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2873"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2866"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2865"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2862"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2861"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2502"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2500"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.